Cryptography - PKCS12

> Software Security > Cryptography - Key

1 - About

Cryptography - PKCS (Public Key Cryptography Standards)

PKCS12 (ie p12 extension) is intended to store both:

It has the capability of being password protected to provide some protection to the keys.

PFX was the predecessor of PKCS#12.


3 - Management

3.1 - Help

with Openssl See openssl pkcs12 –help. You can add a chain

3.2 - Creation

A PKCS#12 file can be created by using the -export option


  • a server certificate and the required intermediates in one PEM file
  • and private key
openssl pkcs12 -export -in www-example-com.crt -inkey www-example-com.key -out www-example-com.p12

3.3 - To Pem

Privacy-Enhanced Mail (PEM) (OpenSsh key format)

openssl pkcs12 \
    -in /opt/truststore.pkcs12 \
    -nodes \  # all entries
    -out /opt/truststore.pem \
    -passin 'pass:YourPassword'